The company “Aladdin RD” has introduced a new software product, eToken “Crypto DB”, designed to protect data in the Oracle DBMS. The product was developed by Aladdin RD in cooperation with Oracle and extends the standard Oracle DBMS security mechanisms.
How often do you think about the security of your data? Are you sure your data is protected? How much do you trust the specialists who maintain your DBMS?
I will say a very simple and hackneyed phrase: "the data can be stolen by someone who has access to them."
Now let's see who can have access to ALL the data stored in the DBMS. That's right: the DBMS administrator, or someone who can impersonate him by stealing, for example, a password. How do you protect yourself from the administrator? No way! He is king and god in the system; he can kill it and resurrect it from the ashes. He can view and change any data in any table of any database. And nothing can be done about it.
But what if the data is encrypted? That is, the system administrator will still have access to it, but to him it will be a meaningless set of characters.
What if the attacker received unauthorized access to the database, but could not “understand” the data he stole?
Here it is - the Solution! Stealing an incomprehensible set of characters is not the same thing as stealing data!
The problem has been identified and the direction of the solution outlined; now for some specifics.
The Crypto DB software product allows you to encrypt data in columns of Oracle database tables using GOST algorithms.
I will not describe the installation process; it is more useful to explain how this software works.
There are 3 main roles in the product:
- DBMS administrator - the employee responsible for the correct, uninterrupted operation of the system.
- Security Officer - the employee responsible for differentiating access to data. In normal operation the Security Officer does not have access to the data.
- User - an employee with rights to access and process data.
Access rights are granted on the basis of digital certificates stored on eToken smart cards.
Consider the process of initial data encryption and the process of differentiating access rights. We have a table containing the data we want to protect. For example, this is a list of employees with passport information, home addresses and salary information. It makes no sense to encrypt the entire table, since any encryption means a decrease in performance, so we will encrypt only the “critical” columns: passport data and salary information. Thus, we encrypt only two columns of the entire table. To encrypt these columns, keys for symmetric data encryption must be generated; this function is performed by the Security Officer. After the keys are generated, the DBMS administrator grants the Security Officer access to the table in which the data is to be protected. The Security Officer, using the encryption keys generated earlier, encrypts the specified columns (passport data and salary information), after which his access to the table is revoked. Thus, the product allows protection to be set up both on new, empty tables and on tables that already contain data.
The columns are encrypted; what's next? Next we need to distribute rights to users. To do this, the Security Officer registers the users' digital certificates and encrypts the symmetric data encryption keys to these certificates. As a result, for each user who has the right to process data there is a copy of the symmetric data encryption key encrypted with that user's public key (certificate).
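The scheme described above (one symmetric column key, plus a copy of it wrapped to each user's public key) can be shown in a short added example; this is not Crypto DB code. It assumes AES-256-GCM and RSA-OAEP as stand-ins for the GOST algorithms and in-memory key pairs in place of eToken certificates; all function names and sample values are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed stand-ins: AES-256-GCM and RSA-OAEP replace the GOST algorithms;
// in-memory RSA key pairs replace the certificates held on eToken smart cards.

// Security Officer: encrypt one column value; store nonce || tag || ciphertext.
function encryptCell(columnKey, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', columnKey, nonce);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// User: decrypt a stored value; throws on a wrong key or a modified value.
function decryptCell(columnKey, stored) {
  if (stored.length < 28) throw new Error('stored value too short');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', columnKey, stored.subarray(0, 12));
  d.setAuthTag(stored.subarray(12, 28));
  return Buffer.concat([d.update(stored.subarray(28)), d.final()]).toString('utf8');
}

// Security Officer: one wrapped copy of the column key per registered certificate.
function grantAccess(columnKey, publicKeysByUser) {
  const wrapped = {};
  for (const [user, publicKey] of Object.entries(publicKeysByUser)) {
    wrapped[user] = nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, columnKey);
  }
  return wrapped;
}

// User: recover the column key with the private key (held on the eToken in the product).
function unwrapKey(privateKey, wrappedKey) {
  return nodeCrypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, wrappedKey);
}

// Constructed scenario: two granted users, one key pair with no grant, one column value.
function demo() {
  const newPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = newPair(), bob = newPair(), outsider = newPair();
  const columnKey = nodeCrypto.randomBytes(32);
  const stored = encryptCell(columnKey, 'salary=100000');
  const wrapped = grantAccess(columnKey, { alice: alice.publicKey, bob: bob.publicKey });
  const asBob = decryptCell(unwrapKey(bob.privateKey, wrapped.bob), stored);
  let outsiderReads = true;
  try { unwrapKey(outsider.privateKey, wrapped.bob); } catch { outsiderReads = false; }
  return { asBob, outsiderReads, adminSees: stored.toString('hex') };
}
console.log(demo());
```

The `adminSees` value is what a reader of the raw column gets without a wrapped key copy: bytes that cannot be turned back into the salary without a private key that was granted access.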
In addition to data encryption, the Crypto DB product also allows auditing of attempts to access encrypted data. Moreover, the audit system can be moved to a separate machine, controlled only by the Security Officer.
Based on the foregoing, we obtain the following:
- The DBMS administrator has all rights in the system and is responsible for its operation. He also has access to all data, but the data we encrypted reaches him in a form unsuitable for further processing.
- The Security Officer has all the data encryption keys, but no access rights to the data itself, since these rights are revoked immediately after the protection is set up. The Security Officer also has access to the audit data.
- The user has the rights required to receive the data in decrypted form, suitable for subsequent processing.
This can be represented by the following scheme:

I think it's time for technical details. The “Crypto DB” software product is written in the internal languages of the Oracle DBMS; therefore, deploying it involves no modification of Oracle itself and requires no reconfiguration of the DBMS.
Since the code is written in the internal languages of the DBMS, the DBMS administrator could change it and embed code that lets him obtain the encrypted data in the clear. To protect against this, Crypto DB has a mechanism for checking the integrity of the product code.
Currently, the product has a number of limitations, which will be fixed in the following versions:
- “Crypto DB” works only with applications using the “fat” Oracle client. That is, the Oracle Client must be installed on the user's workstation.
- “Crypto DB” does not yet work on clusters; this will be fixed in the next version of the product.
In conclusion, I will say that this product has already been certified for protection classes KS1, KS2 and can be used when building systems of security class up to 1G and in information systems for processing personal data up to class 1 inclusive.